[Coco] OT: ISP SOS

Mike Pepe lamune at doki-doki.net
Wed Jul 25 23:21:41 EDT 2007


Gene Heskett wrote:

> On Wednesday 25 July 2007, kevdig at hypersurf.com wrote:
>> I can't send outgoing mail. Mozilla 1.8 gives an SMTP connection refused
>> error (This was sent using one of those web mail things). My ISP suggested
>> I try:
>>
>> telnet smtpauth.hypersurf.com 25
>>
>> This gives:
>>
>> telnet: connect to address 209.237.0.12: Network is unreachable
>>
>> I can ping it. I am on dialup and both systems I tried are running Linux
>> 2.4.31 (PowerMac 8600 and Toshiba laptop). Other than nat and masquerade
>> there are no iptable rules/chains installed that I know of.
>>
>> More disturbing, when I added a record <file> option to pppd and did:
>>
>> telnet smtpauth.hypersurf.com
>>
>> and then disconnected I saw some strange content from pppdump <file>:
>>
>> rcvd
>> "\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\f8\91{Z\00\ff\d0
>> \11\a9\b2\00\c0O\b6\e6\fc\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
>> \00\00\00\00\00\01\00\00\00\00\00\00\00\00\00\ff\ff\ff\ff\18\01\00\00
>> \00\00\0a\00\00\00\00\00\00\00\0a\00\00\00SYSTEM"
>> rcvd "\00\00\00\00\00\00#\00\00\00\00\00\00\00#\00\00\00ALERT\00\00\00\00\00
>> \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
>> \00\00\00\c2\00\00\00\00\00\00\00\c2\00\00\00 STOP! IMMEDIATE
>> ATTEN TI"
>> rcvd "ON REQUIRED\0a\0a Windows has found "
>> time 0.1s
>> rcvd "CRITICAL SYSTEM ERRORS.\0a\0a Download Registry Clean"
>> rcvd "er from: www.key32.com\0a\0aFAILURE TO ACT NOW MAY LEAD TO DATA LOSS
>> AN D CORRUPTION!\0a\0a\00\00\00\00\00\00\f7\a4~"
>>
>> Any suggestions welcome. My ISP thinks my systems are screwed up?
>>
>> kevin
>>
> www.key32.com, IIRC is a virii site. He's right I believe.
>
> That is disturbing in that the signs all point to the machine being
> compromised, possibly by a botnet infection.
>
> First is to unplug the phone line so it can't do any more damage.
>
> Copy off anything personal to some other storage media, and re-install, then
> make sure the first thing is an update to the latest patches.
>
> Or switch to linux.
>


Yep, you've been hax0r3d.

Time to reinstall!


